Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in January 2024
Statistics of Malware Targeting the Financial Sector

Top 10 Major Malware Targeting the Financial Sector
| Attack Phase | Malware Category | MD5 Hash |
|---|---|---|
| Phase 1 | Phishing | F57FA515AFB84F034B5025CF597C2AB4 |
| Phase 1 | Phishing | 03267C03B3511FEFE59C54E582E7A7C9 |
| Phase 2 | Backdoor | 82D0F2A189262D9555D6DB9723645D07 |
| Phase 2 | Backdoor | 2F06DD4E6D4C72032CDE55C3D0E88FD3 |
| Phase 2 | Downloader | 87982F1F940CC4AD215CE2DD3FE45678 |
| Phase 2 | Dropper | 06AF7E3BD05111DA4DEBC5454B92ED0E |
| Phase 3 | Ransomware | B2B6D9E4E04D997AC6570F6F82ECF759 |
| Phase 3 | Ransomware | 977E10AAFC67751AADE5CC0F426250D1 |
| Phase 3 | Infostealer | 84EDA553AFA59A4D8C4A13957CFA4E24 |
| Phase 3 | Infostealer | 68755B522C4C2D50381E9C0C259D0720 |

Phishing Email Distribution Cases Targeting the Financial Sector
– Case 1. Emails disguised as CJ Logistics messages targeting Korea Investment & Securities employees

| Item | Description |
|---|---|
| Impersonation target | Impersonates a parcel delivery company (CJ Logistics); the emails are disguised as notices about post-payment customs clearance tax payments |
| Phishing methodology | Clicking the image in the email body redirects to a phishing page; the image object contains a hyperlink to the phishing page address |
| Infection aftermath | Prompts the victim to enter account credentials on a site disguised as Korea Investment & Securities; the victim is then redirected to the official Korea Investment & Securities website; C2 domain: ifckashmir[.]com |

Figure. Content of the phishing email impersonating CJ Logistics

Figure. Redirected to the Korea Investment & Securities landing page after logging in
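
An added example (not part of the original report) of a mail-filter check for the technique in Case 1: it flags images wrapped in hyperlinks whose destination is the reported C2 domain or lies outside the sender's domain. The sample message, its addresses and URL path are constructed, and the sender-domain comparison is an assumed heuristic, not something the report prescribes.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# C2 domain from the report, stored defanged and refanged only for matching.
C2_DOMAIN = "ifckashmir[.]com".replace("[.]", ".")

class ImageLinkParser(HTMLParser):
    """Collects the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self._href, self.image_links = None, []  # open <a> href, results
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
        elif tag == "img" and self._href:
            self.image_links.append(self._href)
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def audit_email(raw):
    """Return (host, reason) per clickable image; HTML assumed to be UTF-8."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = ImageLinkParser()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for url in parser.image_links:
            host = (urlsplit(url).hostname or "").lower()
            if in_domain(host, C2_DOMAIN):
                findings.append((host, "known-indicator"))
            elif host and not in_domain(host, sender):
                findings.append((host, "off-domain-image-link"))
    return findings

# Constructed sample message (addresses, path and markup are made up).
SAMPLE = f"""From: "Parcel notice" <notice@carrier.example>
Content-Type: text/html; charset="utf-8"

<a href="https://{C2_DOMAIN}/constructed"><img src="cid:notice"></a>
<a href="https://www.carrier.example/track"><img src="cid:logo"></a>
"""
```

`audit_email(SAMPLE)` reports only the first image: the second links to the sender's own domain, and text-only links are ignored because the case describes the lure as a clickable image.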